Cyber Security Month Kickoff event
Brussels, 30 September 2016
Welcome Sébastien de Brouwer, EBF Executive Director
Welcome speeches Wim Mijs, Chief Executive, EBF Steve Purser, Head of Core Operations, ENISA Olivier Burgersdijk, Integrated Data Management, Europol
Ken Ducatel, Director, DIGIT
European Cyber Security Month (ECSM) Kick-Off Brussels, 30 September
Other obstacles • Lack of digital skills • Lack of awareness on cyber risks
Welcome speeches Wim Mijs, Chief Executive, EBF Steve Purser, Head of Core Operations, ENISA Olivier Burgersdijk, Integrated Data Management, Europol
Ken Ducatel, Director, DIGIT
European Cyber Security Month Cyber Aware Executive Seminar 30 September 2016
19 September 2016
Ken Ducatel
Director of IT Security DG DIGIT Ken DUCATEL, Director DIGIT S Ilkka SALMI, Director DGEuropean HR DS Commission
The programme
Thank you!
[email protected]
Break 15 ‘
National campaign coordinators Moderator: Vangelis Stavropoulos, Project Coordinator, ENISA France: Anne-Charlotte Brou, Agence nationale de la sécurité des systèmes d’information (ANSSI) Germany: Hanna Heuer, Federal Office for Information Security (BSI) Luxembourg: Daniele Bisdorff, Ministère de l'économie du Luxembourg Netherlands: Marjolijn Durinck, Platform voor de Informatiesamenleving (ECP) Norway: Peggy Heie, Norsk senter for informasjonssikring (NorSIS)
Mois européen de la cybersécurité #ECSM
ECSM in France Events Online activities
17 +
10 +
activities registered
participants
Coordination of the event in France ANSSI
Agence nationale de la sécurité des systèmes d’information ECSM Kick off event – Brussels – September 2016
2
ANSSI Created in 2009, ANSSI ensures the security and defence of State information systems and contributes to that of National Operators of Vital Importance (OIV). Prevent the threat by anticipating modes of attack through scientific expertise, defining protective measures and by certifying trusted IT products and services
ECSM Kick off event – Brussels – September 2016
Three major duties
Inform Defend information systems by detecting weaknesses and incidents and by reacting as early as possible in case of a cyberattack, providing its technical assistance and expertise
various audiences, raising awareness of the necessary protection of digital environments, promoting best practices for cyber security and by issuing technical recommendations
3
ECSM Activities in Germany
Activities by BSI Online survey In cooperation with the German police we ask for the second time private users about their behaviour regarding cyber-security. Online information We publish an animated video and further information on each weekly topic. Cyber-security ABC On Facebook we explain terms regarding cyber-threads to raise awareness.
Hanna Heuer | ECSM in Germany | 30.09.2016 | Page 2
Activities in Germany Project office A project office asked different organisations to take part in this year’s ECSM – either with activities or as multiplicator. Registered activities A wide range of activities was registered, from webinars to live-hacking demonstrations, from public discussions to intern awareness campaigns. Partners Among the partners are companies as well as public institutions and organisations.
Hanna Heuer | ECSM in Germany | 30.09.2016 | Page 3
Contact with ENISA
Contact with national ministry (financing structure)
Coordination of media attention and PR (research results)
Organising CSM: coordination tasks
Toolkit with material for partners:
Coordination partners : -192 partners, all with events, activities, newsletters, tools
Website with agenda of all activities and tips
• • • •
Posters Flyers Online test Video’s
Norwegian Centre for Information Security is an independent, expert, non-profit organization committed to promoting awareness and effective cyber security measures, practice and policy. We informs on cyber threats, advice people violated online, and facilitate activities and events promoting effective cyber security practice
Free online service giving practical advice on cyber security and netiquette to Norwegian residents and SMEs
Free advisory service for those who feel offended or experience violation of rights online
Network of women working for a safe and secure internet and appropriate cyber security policies
Annual national campaign to raise attention on cyber threats and effective cyber security practices
NorSIS employees have broad knowledge and experience in cyber security. Our primary audience is small and medium size enterprises and Norwegian residents. We cooperate with enterprises in both public and private sector to increase knowledge on sound cyber security practice, motivate enterprises to take social online responsibility and improve national cyber resilience. Through a network of experts NorSIS produces, analyses and disseminates knowledge on cyber security and the cyber security culture.
The Norwegian Cyber Security Culture
Survey Report published 28. september
Bilder: Maria Nyheim
The Norwegian Cyber Security Culture survey Don’t believe security updates made by individuals will contribute to secure the internet.
Says they knowingly violate security rules because of functionality.
Will report cyber crime to the police but do they?
Think they know how to behave safe online.
Uses the same password everywhere – 19 % have different passwords on different services.
Keep their computer updated, 18% does not.
Security in Banking Moderator: Keith Gross, Chair EBF, Cyber Security WG Wien De Geyter, Secretary General, Febelfin Senan Moloney, VP Cyber Threat Intelligence, Barclays Koen Hermans, Public Prosecutor, Eurojust
Peter, Kerstens, Advisor for Financial Sector Cybersecurity, DG FISMA
Safe internetbanking by Febelfin The story behind our campaigns
Wien De Geyter – Secretary General
Cyber Security Month Kick-off Event 30/09/2016
Who is Febelfin?
We represent 260 members, by: - defining positions - lobbying - providing info, counsel & training - communicating Cyber Security Month Kick-off Event 30/09/2016
5 years of campaign
Amazing Mindreader
See how easily freaks can take over your life
If you have some doubts, you’d better stop
Cyber Security Month Kick-off Event 30/09/2016
2013: 1,772 fraud cases
Why?
2012: 1,003 fraud cases 2011: 94 fraud cases 2010: 1 fraud case
Cyber Security Month Kick-off Event 30/09/2016
Amazing Mindreader
Your entire life is online & might be used against you…
Cyber Security Month Kick-off Event 30/09/2016
Amazing Mindreader
YouTube campaign
Launched in September 2012
+Many awards
Target group: 45-66
Goal: creating awareness about the danger of sharing information on the internet Cyber Security Month Kick-off Event 30/09/2016
See how easily freaks can take over your life
Your life might be taken over! Cyber Security Month Kick-off Event 30/09/2016
See how easily freaks can take over your life
YouTube campaign
Launched in July 2013
Best campaign of 2013 (European Excellence Awards)
Target group: 45-66
Message of general interest on TV
Launched in October 2013
Reach: 50% of BE population
Target group: youngsters, elder people, families
Goal: creating awareness about the danger of phishing
Cyber Security Month Kick-off Event 30/09/2016
If you have some doubts, you’d better stop
Cyber Security Month Kick-off Event 30/09/2016
If you have some doubts, you’d better stop
Message of general interest on TV
Launched in August 2014
Reach: 50% of Belgian population
Target group: youngsters, elder people, families
Bannering
Launched in August 2014
Visible in bank branches, on ATM’s, on website banks,…
Focus on phishing: from awareness to action Cyber Security Month Kick-off Event 30/09/2016
Result: a shut down of number of fraud cases 2013: 1,772 fraud cases
2014: 277 fraud cases 2015: 283 fraud cases Cyber Security Month Kick-off Event 30/09/2016
• Silver Effie Award • Consumer Insight Award
Cyber Security Month Kick-off Event 30/09/2016
We go for zero
www.safeinternetbanking.be Cyber Security Month Kick-off Event 30/09/2016
Febelfin vzw/asbl Belgian Financial Sector Federation www.febelfin.be
Cybersecurity Awareness Month October 2016 Outreach and Awareness Cyber Security Operations Centre (CSOC) Global Information Security (GIS)
Internal Only
Cybersecurity Awareness Month • To reduce our vulnerability to cyber attacks and to enable a Go-To bank in cyberspace, the GIS Awareness Cyber Awareness month has been created to enable and support an ongoing learning environment. • Supported by key stakeholders, globally and locally delivered the Cyber Security Awareness Month will consolidate the delivery of cyber training and awareness and expand to include the cyber security issues faced by end users in a quick, non-invasive, accessible structure that leads to a more secure cyber security savvy global society. • Visit and contribute to discussions on the Cyber Awareness Month MySite community and encourage your teams to register for exciting and informative events:
Week 1 – Protect – Defending the bank, its customers and our colleagues. Defend the Barclays estate, our customers, and our employees from cybercrime attacks that lead to unacceptable data breaches, destruction of key digital information, and monetary loss.
Week 2 - Enable – Enabling the Business Transportation to Digital & Mobile Enable our business areas to deliver our unique financial services in a timely manner and secure manner.
Week 3 - Innovate – Designing Tomorrow’s Cyber Defences GIS and our partners will be dedicated to the innovation of the next generation cyber security software and hardware so we can deliver stronger and safer applications and platforms than our competitors.
Week 4 - Educate – Enabling Global Cyber Resilience Education is the basic foundation and the platform of all our activities. We embed security in our business culture and DNA and have great respect for our corporate social responsibilities. Educating our colleagues through training is a key part in our strategy
2 | Phishing Education v2 | 10 June 2016 Cybersecurity Awareness Month Internal Only
Cybersecurity Awareness Month • Over 80 events have been organised globally for our 140,000 colleagues to actively participate in. • Over 500 Cyber Champions based in 41 countries have registered as ambassadors to spread the word about cyber security. • A dedicated intranet site has been put together to showcase the month across Barclays. • All events are available in person and remotely for colleagues to dial into globally. • All events are being recorded to enable colleagues to watch the session after it has taken place. • The month long initiative includes the following activities: • • • • • • •
Hackathons Competitions Guest Speaker Sessions Murder Mystery Workshops Town Halls Conferences
3 | Phishing Education v2 | 10 June 2016 Cyber Cybersecurity Champions Awareness Update Month Internal Only
Cybersecurity Awareness Month Plan
4 | Phishing Education v2 | 10 June 2016 Cyber Champions Update Cybersecurity Awareness Month Internal Only
Eurojust The European Union’s Judicial Cooperation Unit
EUROPEAN MONEY MULE ACTION EMMA
Koen Hermans – Vice Chair Cybercrime Taskforce Eurojust / Public Prosecutor
STRUCTURE: I II III IV V
EMPACT WHY? HOW? RESULTS FUTURE
I EMPACT EU multi-annual policy cycle: EMPACT Priority threats -> Operational action plans (OAP’s) to combat threats European Money Mule Action (EMMA) is a pilot OAP under the EMPACT flag targeting Money Mules
4
II WHY MONEY MULES? Organisation Financial Cybercrime Group
* picture: Kaspersky
5
II WHY MONEY MULES? Essential chain in Cyber Organised Crime Group (OCG) Money muling is one of the most commonly used methods for transferring fraudulent money Aim: target essential chain - related to money laundering - in Cyber OCG 6
III HOW? - judgments - out of court settlements
Courts Prosecutors
- other interventions
- investigations - analysis - acquiring info
Investigators Prosecutors
Banking Sector
- information
7
III HOW? Crucial:
I
Private – public cooperation
II
Involvement of prosecution, investigators and banking sector is crucial
III
Retribution (individual prevention)
IV
General prevention: awareness campaign 8
III HOW? Operational and Coordination Meetings at Europol and Eurojust Discussing:
-
Acquiring and sharing information; Money laundering legislation; Aligning different actions; Action day; Media campaign. 9
III HOW? Action week 22 – 26 February 2016 Belgium, Denmark, Greece, the Netherlands, the United Kingdom, Romania, Spain and Portugal Plus support from Moldova Eurojust, Europol and European Banking Federation (EBF) 10
IV RESULTS • 838 fraudulent transactions reported
• 673 money mules identified • 75 banks involved • 198 interrogations • 81 arrests 11
IV RESULTS More than 90% linked to Cybercrime
phishing malware online shopping fraud other
12
IV RESULTS
13
V FUTURE • More countries • More banks • Improve sharing information banking sector – law enforcement and judicial authorities 14
THANK YOU FOR YOUR ATTENTION
15
Mobile Malware Moderator: Olivier Burgersdijk, Integrated Data Management, Europol Michael Shaulov, Head of products, Mobile & Cloud Security, Check Point Software Technologies Senan Moloney, VP Cyber Threat Intelligence, Barclays
Tomislav Vazdar, Chief Security Officer & Head of Corporate Security, Erste & Steiermärkische bank Daniel Lawrence, Detective Inspector, NPCC National Cyber Crime PROTECT Coordinator, CERT UK
Cyber awareness Moderator: Jakub Boratynski, Head of Cybersecurity and Digital Privacy, DG CNECT Dr. Veronica Donoso, Executive Director, INHOPE Dr. Hans Martens, Insafe network coordinator, European Schoolnet
Erka Koivunen, Cyber Security Advisor, F-Secure Corporation William O'Connell, Chief Business Security Officer, ADP
Closing remarks Steve Purser, Head of Operations, ENISA
FS ISAC & EBF signing MoU
Networking lunch